WhatsApp Remote Code Execution Vulnerability is a double-free memory corruption bug that doesn’t actually reside in WhatsApp code itself, but in an open-source GIF image parsing library that WhatsApp uses. The vulnerability does not get triggered by sending a malicious GIF file to a victim; instead it gets executed when the victim opens the WhatsApp Gallery Picker while trying to send any media file to someone. The issue affects WhatsApp versions 2.19.230 and older versions running on Android 8.1 and 9.0, but does not work for 8.0 and below.
Source: https://thehackernews.com/2019/10/whatsapp-rce-vulnerability.html